package example.hello_security;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * A controller for the hello resource.
 *
 * @author Josh Cummings
 */
@RestController
public class HelloController {

  @GetMapping("/")
  public String hello(Authentication authentication) {
    return "Hello, " + authentication.getName() + "!";
  }

  @PreAuthorize("hasAuthority('SCOPE_ADMIN')")//JWT token解析后会加一个前缀'scope'
  @GetMapping("/admin")
  public String admin(Authentication authentication){
    return authentication.getAuthorities().toString();
  }


}
